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REMARKS 

Applicant respectfully requests reconsideration and allowance of the 
subject application. Claims 33-36 and 71-75 have been canceled. Claims 1-32 
and 37-70 are pending, of which claims 20-25, 27, 29, 37, 39, 41, 61, and 64 have 
been amended. 

35 U.S.C. $102 Claim Rejections 

Claims 1-8, 20-24, 33-36, 45-54, and 71-74 are rejected under 35 U.S.C. 
§102(e) as being anticipated by U.S. Patent No. 6,415,280 to Farber et al. 
(hereinafter, "Farber") {Office Action p.2). Claims 33-36 and 71-74 have been 
canceled. Applicant respectfully traverses the rejection of claims 1-8, 20-24, and 
45-54. 

Claims 14-19 are rejected under 35 U.S.C. § 102(e) as being anticipated by 
U.S. Patent Publication No. 2002/0083178 to Brothers (hereinafter, "Brothers") 
{Office Action p. 14). Applicant respectfully traverses the rejection. 

Claim 1 recites a network system comprising: 

a security component to determine whether the replica resource will pose a 
security risk to the second device upon receipt of a request for the replica resource, 
the security component: 

formulating a descriptor corresponding to the replica resource and 
comparing the formulated descriptor with the cached descriptor; and 

if the formulated descriptor and the cached descriptor are not 
equivalent, formulating a second descriptor corresponding to the original 
resource and comparing the formulated descriptor with the second 
descriptor. 
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Farber does not show or disclose "formulating a second descriptor 
corresponding to the original resource and comparing the formulated descriptor 
with the second descriptor", as recited in claim 1 . Farber describes steps to verify 
a data item (e.g., a True File) - (C) calculate the True Name, (D) confirm that the 
calculated True Name is equal to the given True Name, and (E) if the True Names 
are not equal, indicate an error {Farber col .31, lines 26-56). If Farber determines 
that the True Names (e.g., descriptors) are not equal, Farber only indicates an error 
rather than "formulating a second descriptor corresponding to the original resource 
and comparing the formulated descriptor with the second descriptor", as recited in 
claim 1 . 

The Office cites Farber for examining data identities of data items and for 
disclosing that if an error is found, the system can find another source for the True 
Name {Office Action pp.3-4; Farber col.31, lines 31-33; col.3, lines 35-38). 
However, these sections of Farber do not describe "formulating a descriptor 
corresponding to the replica resource and comparing the formulated descriptor 
with the cached descriptor", and then "if the formulated descriptor and the cached 
descriptor are not equivalent, formulating a second descriptor corresponding to the 
original resource and comparing the formulated descriptor with the second 
descriptor", as recited in claim 1 . 

Accordingly, independent claim 1 along with dependent claims 2-8 are 
allowable over Farber and Applicant respectfully requests that the §102 rejection 
be withdrawn. 
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Claim 20 recites a network server system comprising "a server component 
in a network server to receive a request for a resource maintained on the network 
server and, in response to the request, implement security policies to prevent 
unauthorized access to the resource", and "a security component in a computing 
device remote to the network server and registerable with the server component 
during run-time to determine whether the resource will pose a security risk to the 
network server upon receipt of the request." 

Farber does not show or disclose "a security component in a computing 
device remote to the network server and registerable with the server component 
during run-time", as recited in claim 20. The Office cites Farber for disclosing 
that data items in the system can be verified for integrity and for security purposes 
{Office Action p.6; Farber col.34, lines 45-49). However, Farber does not 
describe any such security component, a security component in a computing 
device remote to the network server, or a security component that is registerable 
with the server component during run-time", as recited in claim 20. 

Accordingly, claim 20 is allowable over Farber and Applicant respectfully 
requests that the §102 rejection be withdrawn. 

Claims 21-24 are allowable by virtue of their dependency upon claim 20. 
Additionally, some or all of claims 21-24 are allowable over Farber for 
independent reasons. For example: 
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Claims 23 and 24 recite that "if the formulated descriptor and the cached 
descriptor are not equivalent", the security component "formulates a second 
descriptor corresponding to an original resource maintained on a file server 
remotely located from the network server". As described above in the response to 
the rejection of claim 1, if Farber determines that True Names (e.g., descriptors) 
are not equal, Farber only indicates an error rather than formulating "a second 
descriptor corresponding to an original resource", as recited in claims 23 and 24. 

Accordingly, claims 23 and 24 are allowable over Farber and the §102 
rejection should be withdrawn. 

Claim 45 recites a method comprising "if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor 
corresponding to the original resource", "comparing the formulated descriptor 
with the second descriptor", and "determining that the replica resource does not 
pose a security risk if the formulated descriptor and the second descriptor are 
equivalent." 

As described above in the response to the rejection of claim 1, Farber only 
indicates an error if determining that True Names are not equal. Farber does not 
describe that "if the formulated descriptor and the cached descriptor are not 
equivalent, formulating a second descriptor corresponding to the original 
resource" and then "comparing the formulated descriptor with the second 
descriptor", as recited in claim 45. 
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Accordingly, independent claim 45 along with claims 46-54 are allowable 
over Farber and Applicant respectfully requests that the §102 rejection be 
withdrawn. 

Claim 14 recites a network server comprising "a server component to 
receive a request for a resource maintained on the network server and, in response 
to the request, implement security policies to prevent unauthorized access to the 
resource", and "a security component that is registerable with the server 
component during run-time to determine whether the request will pose a security 
risk to the network server." 

Brothers does not show or disclose "a security component that is 
registerable with the server component during run-time to determine whether the 
request will pose a security risk to the network server", as recited in claim 14. The 
Office cites Brothers for disclosing the claimed security component {Office Action 
p. 14; Brothers ^[0109, lines 10-13). However, Brothers only describes an access 
right enforcer module to retrieve key data and determine whether a resource 
system is authorized to receive a requested resource {Brothers 1f0109, lines 10-13; 
1J0104, p.ll, lines 34-37). Brothers does not describe a security component to 
determine whether a request will pose a security risk, as recited in claim 14. 

Accordingly, claim 14 is allowable over Brothers and Applicant 
respectfully requests that the §102 rejection be withdrawn. 
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Claims 15-19 are allowable by virtue of their dependency upon claim 14. 
Additionally, some or all of claims 15-19 are allowable over Brothers for 
independent reasons. For example: 

Claims 17 and 19 recite the security component determines that the request 
is not a security risk "if individual arguments do not exceed a maximum number 
of characters", and "if a total number of characters defining all of the arguments 
do not exceed a maximum number of characters." Brothers does not show or 
disclose determining if a total number of characters defining all of the arguments 
exceed a maximum number of characters, as recited in claims 17 and 19. 

The Office cites Brothers for disclosing parameter data that defines the 
format of a URL string, and that the parameter data can indicate a maximum 
number of characters for each field of the URL string (Office Action p. 15; 
Brothers ^f0170, lines 6-9). However, Brothers does not describe determining if a 
total number of characters defining all of the arguments exceed a maximum 
number of characters, as recited in claims 17 and 19. 

Accordingly, claims 17 and 19 are allowable over Brothers and the §102 
rejection should be withdrawn. 

35 U.S.C. S103 Claim Rejections 

Claims 9-13, 55-60, and 75 are rejected under 35 U.S.C. § 103(a) for 
obviousness over Farber in view of Brothers (Office Action p. 16). Claim 75 has 
been canceled. Applicant respectfully traverses the rejection of claims 9-13 and 
55-60. 
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Claims 25-32, 37-44, and 61-70 are rejected under 35 U.S.C. § 103(a) for 
obviousness over Brothers in view of Farber {Office Action p.22). Applicant 
respectfully traverses the rejection. 

Claims 9-13 are allowable by virtue of their dependency upon claim 1 
(via claim 8) which is allowable over Farber as described above in the response to 
the §102 rejection of claim 1. Claim 1 is not rejected over Brothers, and is 
allowable over Farber. Accordingly, claims 9-13 are allowable over the 
Farber-Brothers combination and the §103 rejection should be withdrawn. 

Additionally, some or all of claims 9-13 are allowable over the 
Farber-Brothers combination for independent reasons. For example: 

Claims 11 and 13 recite the security component "determines that the 
request is not a security risk if individual arguments do not exceed a maximum 
number of characters", and "if a total number of characters defining all of the 
arguments do not exceed a maximum number of characters." Farber does not 
teach the security component, and the Office cites Brothers for teaching a security 
component that determines a number of characters of individual arguments {Office 
Action p. 17; Brothers Tf0170, lines 6-9). However, as described above in the 
response to the rejection of claims 17 and 19 (§102 rejection), Brothers does not 
describe determining if a total number of characters defining all of the arguments 
exceed a maximum number of characters, as recited in claims 1 1 and 13. 

Accordingly, claims 11 and 13 are allowable over the Farber-Brothers 
combination and the §103 rejection should be withdrawn. 
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Claim 25 recites a network server comprising "a security component that is 
registerable with the Internet server during run-time, the security component 
having" "a validation component to determine whether the request will pose a 
security risk to the network server by determining if a total number of characters 
defining all of the arguments of the request exceeds a maximum number of 
characters." 

Farber does not teach the validation component, and the Office cites 
Brothers for teaching the validation component to determine whether a request 
will pose a security risk {Office Action p.22; Brothers 1J0170). However, as 
described above in the response to the rejection of claims 17 and 19 
(§102 rejection), Brothers does not describe determining if a total number of 
characters defining all of the arguments exceeds a maximum number of characters, 
as recited in claim 25. 

Accordingly, claim 25 is allowable over the Farber-Brothers combination 
and Applicant respectfully requests that the § 103 rejection be withdrawn. 

Claims 26-32 are allowable by virtue of their dependency upon claim 25. 
Additionally, some or all of claims 26-32 are allowable over the Farber-Brothers 
combination for independent reasons. For example: 

Claims 31 and 32 recite that "if the formulated descriptor and the cached 
descriptor are not equivalent", the integrity verification component "formulates a 
second descriptor corresponding to an original resource maintained on a file server 
remotely located from the network server" and "compares the formulated 
descriptor with the second descriptor". 
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As described above in the response to the rejection of claim 1 
(§102 rejection), Farber only indicates an error if determining that True Names are 
not equal. Farber does not describe that if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor 
corresponding to the original resource and then comparing the formulated 
descriptor with the second descriptor, as recited in claims 31 and 32. The Office 
recognizes that Brothers does not teach an integrity verification component {Office 
Action p.22). 

Accordingly, claims 31 and 32 are allowable over the Farber-Brothers 
combination and the §103 rejection should be withdrawn. 

Claim 37 recites one or more computer readable media containing a 
security application comprising "a validation component to determine whether a 
request for a resource poses a security risk by determining if a total number of 
characters defining all of the arguments of the request exceeds a maximum 
number of characters", and "an integrity verification component to determine 
whether the resource poses a security risk." 

Farber does not teach the validation component, and the Office cites 
Brothers for teaching the validation component to determine whether a request 
will pose a security risk {Office Action p.23; Brothers 1J0170). However, as 
described above in the response to the rejection of claims 17 and 19 
(§102 rejection) and claim 25, Brothers does not describe determining if a total 
number of characters defining all of the arguments of the request exceeds a 
maximum number of characters, as recited in claim 37. 



!ee@hayes 



38 



MSI-722US.M01 



'I 

1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 



Accordingly, claim 37 is allowable over the Farber-Brothers combination 
and Applicant respectfully requests that the §103 rejection be withdrawn. 

Claims 38-44 are allowable by virtue of their dependency upon claim 37. 
Additionally, some or all of claims 38-44 are allowable over the Farber-Brothers 
combination for independent reasons. For example: 

Claims 43 and 44 recite that "if the formulated descriptor and the cached 
descriptor are not equivalent", the integrity verification component "formulates a 
second descriptor corresponding to an original resource remotely located" and 
"compares the formulated descriptor with the second descriptor". 

As described above in the response to the rejection of claim 1 
(§102 rejection), Farber only indicates an error if determining that True Names are 
not equal. Farber does not describe that if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor 
corresponding to the original resource and then comparing the formulated 
descriptor with the second descriptor", as recited in claims 43 and 44. The Office 
recognizes that Brothers does not teach an integrity verification component {Office 
Action p.23). 

Accordingly, claims 43 and 44 are allowable over the Farber-Brothers 
combination and the §103 rejection should be withdrawn. 

Claims 55-60 are allowable by virtue of their dependency upon claim 45 
(either directly or indirectly) which is allowable over Farber as described above in 
the response to the §102 rejection of claim 45. Claim 45 is not rejected over 
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Brothers, and is allowable over Farber. Accordingly, claims 55-60 are allowable 
over the Farber-Brothers combination and the §103 rejection should be withdrawn. 

Additionally, some or all of claims 55-60 are allowable over the 
Farber-Brothers combination for independent reasons. For example: 

Claims 56 and 58 recite determining that the resource does not pose a 
security risk if "individual arguments do not exceed a maximum number of 
characters", and "if a total number of characters defining all of the arguments do 
not exceed a maximum number of characters." The Office recognizes that Farber 
does not teach uniform resource locators, and cites Brothers for determining if 
individual arguments exceed a maximum number of characters (Office Action 
p. 19; Brothers f0170, lines 6-9). However, as described above in the response to 
the rejection of claims 17 and 19 (§102 rejection), Brothers does not describe 
determining if a total number of characters defining all of the arguments exceed a 
maximum number of characters, as recited in claims 56 and 58. 

Accordingly, claims 56 and 58 are allowable over the Farber-Brothers 
combination and the §103 rejection should be withdrawn. 

Claim 61 recites "determining whether the request will pose a security risk 
by determining if a total number of characters defining all of the arguments of the 
request exceeds a maximum number of characters". 

Farber does not teach determining whether a request will pose a security 
risk, and the Office cites Brothers for determining if individual arguments of the 
request exceed a maximum number of characters (Office Action p.28; Brothers 
Tf0170). However, as described above in the response to the rejection of claims 17 
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and 19 (§102 rejection) and claim 25, Brothers does not describe determining if a 
total number of characters defining all of the arguments of the request exceeds a 
maximum number of characters, as recited in claim 61. 

Accordingly, claim 61 is allowable over the Farber-Brothers combination 
and Applicant respectfully requests that the § 103 rejection be withdrawn. 

Claims 62-70 are allowable by virtue of their dependency upon claim 61 
(either directly or indirectly). Additionally, some or all of claims 62-70 are 
allowable over the Farber-Brothers combination for independent reasons. For 
example: 

Claims 67 and 68 recite that "if the formulated descriptor and the cached 
descriptor are not equivalent, formulating a second descriptor corresponding to an 
original resource remotely located" and "comparing the formulated descriptor with 
the second descriptor". 

As described above in the response to the rejection of claim 1 
(§102 rejection), Farber only indicates an error if determining that True Names are 
not equal. Farber does not describe that if the formulated descriptor and the 
cached descriptor are not equivalent, formulating a second descriptor 
corresponding to the original resource and then comparing the formulated 
descriptor with the second descriptor, as recited in claims 67 and 68. The Office 
recognizes that Brothers does not teach determining whether a resource will pose a 
security risk {Office Action p.28). 

Accordingly, claims 67 and 68 are allowable over the Farber-Brothers 
combination and the §103 rejection should be withdrawn. 
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Conclusion 

Pending claims 1-32 and 37-70 are in condition for allowance. Applicant 
respectfully requests reconsideration and issuance of the subject application. If 
any issues remain that preclude issuance of this application, the Examiner is urged 
to contact the undersigned attorney before issuing a subsequent Action. 



Respectfully Submitted, 




By: 




David A. Morasch 



Reg. No. 42,905 
(509) 324-9256x210 



lee@hayes 



42 



MSI-722US.M01 



